CD - Syft - Deploy `dev` to K8s

CD - Kubernetes - Dev #37

Workflow file for this run

.github/workflows/cd-syft-dev.yml at 9a30b96

	name: CD - Syft - Deploy `dev` to K8s

	on:
	schedule:
	- cron: "0 /3 * *"

	workflow_dispatch:
	inputs:
	none:
	description: "Run Tests Manually"
	required: false

	jobs:
	deploy-syft-dev:
	runs-on: om-ci-16vcpu-ubuntu2204
	steps:
	- name: Check for new changes
	id: cache
	if: github.event_name == 'schedule'
	uses: actions/cache@v3
	with:
	path: scripts/commit_hash # we don't care about the file, just the key
	key: dev-commit-${{ github.sha }}
	lookup-only: true

	- name: Quit if no new changes
	if: github.event_name == 'schedule' && steps.cache.outputs.cache-hit == 'true'
	run: exit 0

	- name: Permission to home directory
	run: \|
	sudo chown -R $USER:$USER $HOME

	- uses: actions/checkout@v4

	# Checkout Infra repo (nested)
	- name: Checkout Infra Repo
	uses: actions/checkout@v4
	with:
	repository: ${{ secrets.INFRA_REPO }}
	ref: "main"
	token: ${{ secrets.INFRA_BOT_COMMIT_TOKEN }}
	path: infrastructure

	- name: Set up Python
	uses: actions/setup-python@v3
	with:
	python-version: "3.11"

	- name: Set up Docker Buildx
	id: buildx
	uses: docker/setup-buildx-action@v3

	- name: Login to Azure CLI
	uses: azure/login@v1
	with:
	creds: ${{ secrets.AZURE_CREDENTIALS_GITHUB_CI }}}

	- name: Login to Azure Container Registry
	uses: azure/docker-login@v1
	with:
	login-server: ${{ secrets.ACR_SERVER }}
	username: ${{ secrets.ACR_USERNAME }}
	password: ${{ secrets.ACR_PASSWORD }}

	- name: Set Grid package version
	id: grid
	shell: bash
	run: echo "GRID_VERSION=$(python packages/grid/VERSION)" >> $GITHUB_OUTPUT

	- name: Build and push `grid-backend` image to registry
	uses: docker/build-push-action@v4
	with:
	context: ./packages
	file: ./packages/grid/backend/backend.dockerfile
	push: true
	target: backend
	tags: \|
	${{ secrets.ACR_SERVER }}/openmined/grid-backend:dev
	${{ secrets.ACR_SERVER }}/openmined/grid-backend:dev-${{ github.sha }}

	- name: Build and push `grid-frontend` image to registry
	uses: docker/build-push-action@v4
	with:
	context: ./packages/grid/frontend
	file: ./packages/grid/frontend/frontend.dockerfile
	push: true
	tags: \|
	${{ secrets.ACR_SERVER }}/openmined/grid-frontend:dev
	${{ secrets.ACR_SERVER }}/openmined/grid-frontend:dev-${{ github.sha }}
	target: grid-ui-development

	# TODO: Re-enable once we have Enclave up and running
	# - name: Build and push `grid-enclave` image to registry
	# uses: docker/build-push-action@v4
	# with:
	# context: ./packages
	# file: ./packages/grid/worker/worker.dockerfile
	# push: true
	# target: worker
	# tags: \|
	# ${{ secrets.ACR_SERVER }}/openmined/grid-enclave:dev
	# ${{ secrets.ACR_SERVER }}/openmined/grid-enclave:dev-${{ github.sha }}

	- name: Build and push `grid-headscale` image to registry
	uses: docker/build-push-action@v4
	with:
	context: ./packages/grid/vpn
	file: ./packages/grid/vpn/headscale.dockerfile
	push: true
	tags: \|
	${{ secrets.ACR_SERVER }}/openmined/grid-headscale:dev
	${{ secrets.ACR_SERVER }}/openmined/grid-headscale:dev-${{ github.sha }}

	- name: Build and push `grid-tailscale` image to registry
	uses: docker/build-push-action@v4
	with:
	context: ./packages/grid/vpn
	file: ./packages/grid/vpn/tailscale.dockerfile
	push: true
	tags: \|
	${{ secrets.ACR_SERVER }}/openmined/grid-tailscale:dev
	${{ secrets.ACR_SERVER }}/openmined/grid-tailscale:dev-${{ github.sha }}

	- name: Build and push `grid-vpn-iptables` image to registry
	uses: docker/build-push-action@v2
	with:
	context: ./packages/grid/vpn
	file: ./packages/grid/vpn/iptables.dockerfile
	push: true
	tags: \|
	${{ secrets.ACR_SERVER }}/openmined/grid-vpn-iptables:dev
	${{ secrets.ACR_SERVER }}/openmined/grid-vpn-iptables:dev-${{ github.sha }}

	- name: Build Helm Chart & Copy to infra
	shell: bash
	run: \|
	K3D_VERSION=v5.6.0
	DEVSPACE_VERSION=v6.3.3

	# install k3d
	wget https://github.com/k3d-io/k3d/releases/download/${K3D_VERSION}/k3d-linux-amd64
	mv k3d-linux-amd64 k3d
	chmod +x k3d
	export PATH=`pwd`:$PATH
	k3d version

	# Install devspace
	curl -sSL https://github.com/loft-sh/devspace/releases/download/${DEVSPACE_VERSION}/devspace-linux-amd64 -o ./devspace
	chmod +x devspace
	devspace version

	export CONTAINER_REGISTRY=${{ secrets.ACR_SERVER }}
	export VERSION=dev-${{github.sha}}
	tox -e syft.build.helm

	rm -rf infrastructure/gitops/environments/dev/
	mkdir -p infrastructure/gitops/environments/dev/
	cp -R packages/grid/helm/syft/. packages/grid/helm/manifests.yaml infrastructure/gitops/environments/dev/

	- name: Commit & push changes to Infra Repo
	uses: EndBug/add-and-commit@v9
	with:
	author_name: ${{ secrets.OM_BOT_NAME }}
	author_email: ${{ secrets.OM_BOT_EMAIL }}
	message: "[env] Update dev helm charts"
	add: "."
	push: "origin main"
	cwd: "./infrastructure/"

	- name: Cleanup Azure Container Registry
	uses: azure/CLI@v1
	with:
	# SKIP_LINES = latest version dev & dev-<sha> (2 lines) + keep "n" previous version (n lines) + 1
	inlineScript: \|
	ACR_REGISTRY_NAME=${{ secrets.ACR_REGISTRY_NAME }}
	REPO_LIST=$(az acr repository list -n $ACR_REGISTRY_NAME -o tsv)

	KEEP_PREV_VERSIONS=1
	TAIL_FROM_LINE=$((2 + $KEEP_PREV_VERSIONS + 1))

	for repo in $REPO_LIST
	do
	echo "Cleaning up '$repo'"
	az acr repository show-tags --name $ACR_REGISTRY_NAME --repository $repo --orderby time_desc --output tsv \| tail -n +$TAIL_FROM_LINE \| xargs -r -I% az acr repository delete --name $ACR_REGISTRY_NAME --image $repo:% --yes
	done

	- name: Save Commit SHA
	# only for cache to hit
	run: echo "${{ github.sha }}" > scripts/commit_hash

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CD - Kubernetes - Dev #37

Workflow file

CD - Kubernetes - Dev #37

Jobs

Run details

Workflow file for this run